- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Update: If you are looking for a way to download updates read this and this new article explains how to slipstream updates with PowerShell and SCCM.
If you have ever watched a fresh OS install download update after update, you understand how frustrating and time consuming it can be. There are several solutions that will ensure a new machine is completely patched before the end user even gets the machine. For example, MDT includes two separate tasks for updating a machine during a task sequence.
The Windows Update Task in an MDT Task Sequence can slow down imaging.
Another common method is to load Windows Update packages into the MDT Deployment Workbench Packages container.
The downside to most methods is the increase in imaging times. When you are installing 150+ updates on a Windows 7 machine, things can slow down to a crawl.
One great alternative is to use DISM and the /add-package parameter. With DISM and a simple batch file, we can loop through Windows Update packages and apply them to our .WIM files. Let’s briefly cover DISM and prep our environment before jumping into the cooler stuff.
Using DISM to install Windows Update packages
Start by creating a folder in the root of C:\. Name the folder Mount. Next, launch an administrative command prompt (WIN + X, A for Windows 8+ machines) and execute DISM to see the list of available options and the proper syntax. If you have ADK installed, you can launch the Deployment and Imaging Tools Environment shortcut as an administrator. This is my preferred method.
Getting help with DISM is made easier with command prompt examples.
Your first step is to mount your OS install.wim file. If you are using MDT, this file is located in your DeploymentShare under Operating Systems\OS Name\sources\. At your administrative command prompt, type the following:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1
When the WIM is mounted, you should be able to browse to C:\Mount and view the contents.
A mounted WIM within Windows Explorer. An OS within an OS.
To add a Windows update, type the following command:
dism /image:C:\Mount /add-package /packagepath:PATH-TO-UPDATE
Adding updates with the above command is almost as tedious as watching 150 of them install. In the past, I would head to the Windows Update catalog and download every update that was needed. Although I will still do this for some single updates, I use a faster method now.
The easier way to slipstream Windows updates
To use this method, you will need to set up a fresh machine and let it fully update. This has to be done for each OS that you deploy. Luckily, you will only have to do this one time. When your first machine is fully patched, head back to your administrative command prompt and type the following:
Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U”
Be sure to specify your machine’s name in the command. This will launch a new window where you can watch as each update is installed. Even though this part is automated, it will still take a while to complete (about an hour for my test VM).
DISM has successfully added Windows updates to our WIM.
Once you are at the return prompt in the second window, all available updates have been slipstreamed. Head back to your first command prompt and type:
Dism /unmount-wim /mountdir:C:\Mount /commit
At this point, DISM will apply the changes that you’ve made, save your image, and unmount it. Your local Mount folder should now be empty. To speed up this process on other operating systems, save the following commands in a batch file:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1 Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U” Dism /unmount-wim /mountdir:C:\Mount /commit
Deploy your fully patched image to a test computer. Once the install finishes, check Windows Updates for any available updates. You should notice a drastic reduction! In my case, only updates that install with an EXE were still available. From here, you can deploy those remaining updates with WSUS or MDT Applications, or you can allow the Windows Updates task to finish the job.
Update: If you are looking for a way to download updates read this and this new article explains how to slipstream updates with PowerShell and SCCM.
Excellent! Does this also work for SCCM 2012/R2? If so, are there any extra steps to do so?
I believe sccm 2012 r2 has this feature built in. Point your wim file to your WSUS server and it will auto inject updates periodically as scheduled without having to mount the wim or use DISM.
Hi Rory – SCCM 2012+ includes this feature. Select your WIM and then choose the Schedule Updates action.
You will need SUP configured in SCCM though.
Great, thank you both!
Nice article. I have to try it !
I think there is a typo in the variable used in the For loop.
If you have to give the path and not the cab filename, you can use “%~dpf%\.” or just %f if it’s ok with the cab filename.
Regards
Thank you David – %f should work fine. Give it a try and let me know if you have any issues!
Great! Now how can I do this to my Office setup files? Once I install Office via a Task Sequence, there are still a ton of MS updates to install. I know I can drop them into the packages folder, but that’s tedious, and it’s not true slip-streaming like this process is.
the %u at the end of the second command needs to be changed to %f, thats the only way I got this to work. the file attempts to pull the updates out but i just keep getting dism failed notices.
If you get a cryptic error along the lines of “The filename, directory name, or volume label syntax is incorrect.” – copy/paste the above line into a text editor or make sure to replace the quotes – the ones here may LOOK like “normal” ones, especially when pasted on a CMD, but they are indeed different!
Took me a few tries until I decided to paste the line into an editor and then I could see what was wrong.
Good artcicle, btw!
You are all over the place! 🙂
Scripts can format strangely sometimes so thank you for pointing that out.
I am trying to update one of the images but was getting an error. I had a look at the directory structure on the mounted image and it doesn’t actually have a SoftwareDistribution Folder under the windows directory. I am assuming windows update creates this the first time it is run? Does this mean this method won’t work for our images?
Thanks.
Hey James – I’ve used this against the default install.wim folder. Are you using a captured wim?
Hey moody,
thanks for it. For me it only works at the end with a %f -> not (“%f”)
For me its very interesting to apply windows office 2010 updates. But they all failed when trying to apply the word/excel%.cab there is always an error.
Do you have a practice to apply office updates into a .wim?
Thanks in advice,
Henning
I don’t have specific practice with 2010 updates. With Office, I will grab the latest Service Pack and stick it in the Updates Folder in the install. I then roll that into a reference image or task sequence step.
I have a captured image that I need to update. It wants to work but get’s to about 60% then fails with this error. DSIM filed no operation was performed. So far 2 were successful and the rest 50+ failed. Should I run it again?
Hey Eric,
Try to isolate the update that is causing the error.
Hey,
Great guide here man! I am however having an issue with all the update’s aside from the first 2 (same issue as Eric it seems!?) They all error out. Was you able to work past this Eric?, or, Joseph, can you please elaborate on “Try to isolate the update that is causing the error.”, as most of the update’s are erroring.
PS: I am using ‘%f’ (as suggested in the comments) at the end of the 2nd cmd line, as ‘%u’ didnt work for me either.
Thanks!
Martyn K.
Hi Martyn – I am glad you like this guide! I never heard back from Eric.
What OS are you patching? About how many updates are you slipstreaming?
You can control the updates that are patched by removing items in \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download
Hey Joseph thanks for this guide
Is it possible to copy just the cab files to a central directory and add them from there or do they have to be located with all the other files that were unpacked?
I ask because I am getting an error on each add-package call, 800f0816
Hey, Joseph. Many thank yous for your article. It got me started in the right path faster than others I found online. All this MDT/WDS stuff is hard to cobble together especially when pressed for time. With that said, all the commands ran fine, however I blasted the image onto a box and none of the updates got installed. I ran the commands against the captured and the install images.
Prior to starting this process, the original capture image already had 183 updates installed. After running the dism commands and imaging a box, the number of updates remained the same. That’s how I’m able to tell the injected updates didn’t take. Maybe you or someone else here has seen this before. Thanks in advance.
Geoff – I would keep them in their directories.
Hi Hector – you are right about MDT/WDS stuff getting confusing. Try adding SCCM to the mix as well. 🙂
I haven’t seen that before – did you see any errors in the command prompt when you were injecting them?
I am currently testing this out as this is an interesting approach. The only issue that I am running into, which may be the cause of issues others above are running into, is that many of the CABs that are downloaded by Windows Update are EXPRESS cabs which do not actually have the actual update held within them and cannot be used for DISM integration. When you update do you get these files too or are you somehow getting the full cab files?
Thanks!
In that case, I would look at the KB number that isn’t installing and grab the files from the Windows Update Catalog:
http://catalog.update.microsoft.com/v7/site/Home.aspx
If a file was updated multiple times by Microsoft, does this process apply the updates in sequence so the newest update is applied last?
Thank you for the response Joseph, however the majority of the patches are the EXPRESS cabs. Out of 183 downloaded patches, I would say 160 are EXPRESS. Downloading the patches manually for each of them would be a bear, as in your early comments in the article. Can you check your cabs to see if they are the same? Just curious if all 180ish of yours deploy correctly using the EXPRESS cabs.
Hi Jeff and all forum members,
I have played around and found a way to download actual CAB and MSU files and integrate them into the image, using the suggested DISM technique.
Head to GOOGLE and search for WSUS Offline. This is a great peace of software that lets you download update files for specific OS. The file are not express in CAB and MSU format.
Use the option in WSUS Offline to copy downloaded files to let’s say C:\Updates
Follow the instructions in this article and when you get to the point that you need to type in the command to inject the updates to the Image use the following two commands:
Mark: It process in the order found in \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\
Andrew: I can’t check my environment anymore as I’ve switched jobs and now use SCCM to inject patches into my WIMs as part of the monthly update cycle (http://technet.microsoft.com/en-us/library/hh397283.aspx)
As of the time of this article though, they did inject in. But Microsoft might have changed something on their side.